Written by Jeff Cleverley, Alibaba Cloud Tech Share author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

There are many PHP-based Content Management Systems (CMS) that you can run on an Alibaba Cloud ECS Instance with a LEMP stack. Of these, Craft CMS is probably one of the slickest.

From the Craft CMS website:

"Craft is a content-first CMS that aims to make life enjoyable for developers and content managers alike." -
Source

Craft is laser focused on doing one thing really well - managing content. While being an incredibly flexible CMS, it is also extremely easy to use with a clean and fresh user interface (UI). Out of the box, it includes everything a performant CMS needs within its core, including user management, media and asset management, flexible taxonomies, field management, content relationships, routing, and highly performant search. Having said that, it is also extensible with a healthy plugin selection.

As Craft is built using the Yii high performance PHP framework, and adheres to modern PHP standards, it is also a very scalable and stable platform.

This tutorial assumes that you have already provisioned an Alibaba Cloud Instance. It is recommended to provision an instance with at least 1GB of memory.

We will also proceed under the assumption that you have uploaded your public SSH key to your instance when you provisioned it, and that you have SSH software and Terminal/Command Line on your computer. All *nix based operating systems come with this as standard. If you are using Windows you will need to use PuTTY or install the Ubuntu Linux Subsystem for Windows.

During the tutorial, we will be issuing commands on the server as a root user. If you are using a superuser, you will need to issue the sudo commands before any commands contained in the tutorial.

In the command code examples, I will be using example.com and www.example.com where appropriate. In the screenshots of live execution, I used a test domain duang.party for demonstrative purposes. When you are running through this tutorial replace all domains with your own domain.

Step 1. Install Nginx

Login to your server:

ssh root@your_instance_ip

First we will update our package manager, before installing the highly performant Nginx web server:

apt-get update
apt-get install nginx

You will be prompted to confirm the use of some additional disk space, return yes to continue and Nginx will install.

Install Nginx.

Step 2. Install and Secure MariaDB

Next up we need to install our MySQL database. We will be using MariaDB, a highly performant drop in replacement for MySQL created by MySQL's original developer. It is free and open source and comes with the guarantee that it will always remain so.

Do that with the following command:

apt-get install mariadb-server

Click yes when prompted:

Install MariaDB as a drop in replacement for MySQL

Once you have installed MariaDB, enable auto starting, start the service, and check its status by executing:

systemctl enable mysql
systemctl status mysql

Your terminal should show you that MariaDB is both 'loaded' and 'active':

Enable MariaDB to start and check its status

We must also remember to secure our MariaDB installation. Do that with the following:

Step 3. Install PHP7

The final part of the LEMP stack we need to run Craft CMS is PHP. Although Craft will run on PHP5.3 and upwards, it is not advisable to use old and unsupported versions. PHP7+ is much more secure and provides incredibly superior performance.

As Nginx doesn't natively process dynamic content, such as PHP scripts, we will need to install PHP-FPM. This will install all the core PHP packages we need to run with an NGINX server. Let's also install the PHP extension for MySQL at the same time:

apt-get install php-fpm php-mysql

Craft CMS requires a few other PHP packages that aren't included in PHP-FPM, so we need to install them separately:

Step 6. Download and Prepare the CraftCMS Files

We will need to unzip the archive, but first we need to install a package to do that:

apt-get install unzip

We can now unzip the archive:

unzip craft.zip

When you unzip the archive it will create two directories within your root directory, 'craft' and 'public', you can see them if you list out the directory:

ls

Craft has a very modern directory structure, its public directory only includes the 'index.php' file required to run the application. This is the file our Nginx virtual host points to in order to serve the site. All of the nuts and bolts of the CraftCMS are run securely from a directory one level above the index.php file.

When you listed out the root directory contents, you will see that the 'craft.zip' archive is still there, we need to delete it:

rm craft.zip

We also need to check ownerships of our directories:

ls -l

As you can see 'root' owns both the 'craft' and 'public' directories:

Remove the Archive and Check directory ownerships

Make the server user 'www-data' the owner of both directories, then recheck:

chown -R www-data:www-data /var/www/example.com
ls -l

You should now be able to confirm that 'www-data' user and group owns both directories:

Change the ownership of the Craft directories to www-data

Step 7. Configure Domain and DNS

Now we have our directory and file structure prepared, we need to prepare our domain and Nginx virtual host configuration.

You will then need to configure at least two DNS records. You will need to add an 'A' record with the '@' host and your Instance IP address as the value. You will also need to add a 'CNAME' record with the 'www' and your domain name as the value.

Add a domain with an A and CNAME record

The Alibaba Cloud DNS will also provide you with two DNS server records (nameservers). If you are using a third-party domain registrar, you will need to login to your registrar and replace your domains current Nameserver records with those provided by Alibaba Cloud DNS.

Step 8. Create Nginx Virtual Host Files

Create a virtual host Nginx configuration file for your site in the '/etc/nginx/sites-available/' directory, and open it for editing:

In the next step, we will be using Let's Encrypt to issue an SSL certificate for our site, so make sure to remember to add your domain both with and without the 'www' host at the 'server_name' directive.

Your Virtual Host file for your domain should look like this:

Edit your Nginx Virtual Host file

Save and close the file, then symlink the file into the '/etc/nginx/site-enabled/' directory.

Make Sure Port 443 Is Open

Before we can install a certificate, we need to make sure our Alibaba Cloud security group has Port 433 (SSL) open. Visit your management console and security group and quickly check.

Obtain a Let's Encrypt SSL Certificate

To obtain a Let's Encrypt SSL certificate with Certbot is easy using their Nginx Plugin:

certbot --nginx -d example.com -d www.domain.com

Add your each domain (with and without www) immediately preceded by the domain flag '-p'.

Certbot will add all the necessary configurations to your Virtual Host.

Note:

At the time of writing this tutorial, a new security report has meant that Let's Encrypt has temporarily disabled part of their mechanism for issuing SSL certificates until they roll out a fix. In the meantime we need to use an amended command that stops Nginx before issuing the certificate, then restarts Nginx afterwards.

You will be asked for your email address, to agree to their terms, and whether you want to create an HTTPS redirect (Yes). Once you have answered these, Certbot will have successfully obtained your SSL certificate and automagically updated your Nginx Virtual Host file so your site will be served over HTTPS.

Step 10. Create a Database

Then add create your user and password, and grant your user the required privileges. Make sure you use a strong password:

GRANT ALL ON craft.* TO 'new_user'@'localhost' IDENTIFIED BY 'new_users-password';

Finally, flush privileges and exit:

FLUSH PRIVILEGES;
EXIT;

After each command, you should have received a 'Query OK' response, and your terminal should look something like this:

Create your database and user

Step 11. Configure the CraftCMS Database Connection

You can find CraftCMS's database configuration file, 'db.php', within the '/craft/config/' directory. Open it for editing:

nano /var/www/example.com/craft/config/db.php

Inside the file, configure it like so, using the database details you created in the previous step:

return array(
// The database server name or IP address. Usually this is 'localhost' or '127.0.0.1'.
'server' => 'localhost',
// The name of the database to select.
'database' => 'craft',
// The database username to connect with.
'user' => 'new_user',
// The database password to connect with.
'password' => 'new_users_password',
// The prefix to use when naming tables. This can be no more than 5 characters.
'tablePrefix' => 'craft',
);

In your terminal it should look like the following:

Configure CraftCMS to access your Database

Step 12. Install and Configure CraftCMS

Time to install CraftCMS. To do that visit your domain:

https://example.com

If everything has been configured properly you will be greeted by the CraftCMS installer:

Begin to install CraftCMS

You will need to create your account, enter a username, email and password:

Create your CraftCMS account

Next up, you will set up your site. Enter your site name, the URL, and choose a language:

Set up your site

The installer will take a few seconds to configure everything before letting you know it has finished and giving you a link to your dashboard:

Configuration is complete

The CraftCMS dashboard has a clean, user-friendly interface. You should explore and start managing your content.

CraftCMS dashboard

If you visit your site URL, you will see a very basic template:

Your un-themed site

Don't worry about this basic theme, Craft has an excellent templating system that uses Twig for creating incredible beautiful, responsive, and fast themes.